jackie13 Posted June 29, 2007 Share Posted June 29, 2007 Hello everyone, I need to protect a few pages on my website. I already have a third party forum installed. I figured it would be convenient for my users to use their current logins/passwords to view the protected pages. Problem: I am aware that a simple login form I created is vulnerable to brute-force attacks. What easy (or relatively easy) method would you use to limit the number of failed login attempts to, say, 10 attempts a day? Quote Link to comment Share on other sites More sharing options...
Buyocat Posted June 29, 2007 Share Posted June 29, 2007 One solution you could use is to store a timestamp and integer in the user's session. You could then read those in and check the integer and timestamp for a certain frequency, and if some limit was met redirect or block the user from logging in. I think a bigger concern will be leveraging the existing database, but that may be doable if all you're attempting to provide is a username/password check. Quote Link to comment Share on other sites More sharing options...
448191 Posted June 29, 2007 Share Posted June 29, 2007 The simplest solution would be to use the login logic from the forum. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.